From: | Diego Schulz <dschulz(at)gmail(dot)com> |
---|---|
To: | Carlos Mennens <carlos(dot)mennens(at)gmail(dot)com> |
Cc: | PostgreSQL <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: Changed SSL Certificates |
Date: | 2011-04-08 17:56:04 |
Message-ID: | BANLkTikYcO3XSD9KnvjDPynM3vH1SoUfOA@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On Fri, Apr 8, 2011 at 2:21 PM, Carlos Mennens <carlos(dot)mennens(at)gmail(dot)com>wrote:
> On Fri, Apr 8, 2011 at 1:15 PM, Diego Schulz <dschulz(at)gmail(dot)com> wrote:
> > Hi,
> > When linking to the certificate and key you should specify the full path.
> > ln -s /etc/ssl/certs/db1_ssl.crt /full/path/to/db1_ssl.crt
> > ln -s /etc/ssl/private/db1_ssl.key /full/path/to/db1_ssl.key
>
> Thanks for the quick reply Diego. I posted the commands above and I
> used the full path to the certificates as you can see. Here's the
> info:
>
> lrwxrwxrwx 1 postgres postgres 26 Apr 8 10:43 db1_ssl.crt ->
> /etc/ssl/certs/db1_ssl.crt
> lrwxrwxrwx 1 postgres postgres 28 Apr 8 10:50 db1_ssl.key ->
> /etc/ssl/private/db1_ssl.key
>
> The 1st part is just the symbolic link referenced in
> /var/lib/postgresql/8.4/main but you can see it knows to reference the
> symbolic links to /etc/ssl/...
>
> I'm thinking there's some random configuration file for PostgreSQL
> that has pointers to the old server.crt and server.key files but I've
> searched /etc/postgres/ and /var/lib/postgresql/8.4/main completely
> and can't find it what so ever. I am not authorized to disable SSL per
> DoD standards / requirements sadly.
>
> Any thing else I am missing? I can't be the 1st person to switch SSL
> certificates during utilization.
>
>
Make sure the files have the right ownership and permissions.
It looks like ownership is correct (postgres:postgres) but permissions might
be too loose.
Try chmod 400 on your key and certificate and see what happens.
cheers,
diego
From | Date | Subject | |
---|---|---|---|
Next Message | Adrian Klaver | 2011-04-08 18:01:55 | Re: Changed SSL Certificates |
Previous Message | Gipsz Jakab | 2011-04-08 17:40:17 | Re: PostgreSQL + FreeBSD memory configuration, and an issue |